    |
  |
DNS SURVEY: APRIL 2005
This is a sub-page of the April 2005 report that includes a table of all nameserver software versions that we found.
Software Versions
For each address that sent a reply, we attempted to determine its software and version with two techniques. The first is to send a version.bind query to the address. The second is to use the fpdns tool to fingerprint the server.
The version.bind technique is simple because it is a single query/response. A BIND nameserver answers the query honestly unless the administrator has configured it to return a specific answer. Many people feel safer by obscuring the nameserver version string. Here are some of the interesting answers we received:
0x72 0x6d 0x20 0x2d 0x72 0x66 0x20 0x2f 310, btw we will consider finger print attempts malicious attemptsSecured !!! Please go away idiot lamer! ] A good version A secure version BIND_or_not_BIND Bind. James Bind. 007's the name Do you really need to know this. If so please call me looking it up here is rude Don't get too excited -- it's only a daemon Function Prohibited Beeioch! G0-AWAY-EVIL-HAX0RZ Go away hacker!!! You don't need that info. I wrote this message because I need a life. Can you guess why you found it? My version is so secret that I even don't know what I'm running on No chaos for you! Security trought obscurity? No shared this version. Shrek DNS Server. Mean Green Naming Machine This BIND is Non Version
Since the version.bind answer cannot always be trusted, we also use fpdns to try to determine the software version. fpdns sends a number of different queries to a nameserver and uses known quirks and behavior to deduce the version. One downside is that fpdns can not always give specific answers. For example, it might say the software is "BIND 8.3.0-RC1 -- 8.4.4"
We give the fpdns result priority over version.bind if both return an answer. Otherwise, we assume the version.bind answer is correct if it looks like a version string. The following table shows the breakdown of software and versions based on our analysis:
| BIND 9 | 145,091 | 57.13% |
| unknown | 123,161 | - |
| BIND 8 | 51,033 | 20.10% |
| Nominum CNS | 18,995 | 7.48% |
| Microsoft Windows 2000 | 16,362 | 6.44% |
| Microsoft Windows 2003 | 9013 | 3.55% |
| rbldnsd | 2764 | 1.09% |
| BIND 4 | 2400 | 0.95% |
| Cisco CNR | 2130 | 0.84% |
| totd | 1714 | 0.67% |
| Microsoft Windows NT4 | 1407 | 0.55% |
| MyDNS | 761 | 0.30% |
| simple DNS plus | 414 | 0.16% |
| PowerDNS | 334 | 0.13% |
| sheerdns | 305 | 0.12% |
| dnsmasq | 124 | 0.05% |
| pdnsd | 116 | 0.05% |
| AXIS Network Camera | 113 | 0.04% |
| TinyDNS | 93 | 0.04% |
| Fasthosts Envisage DNS server | 77 | 0.03% |
| QDDNS | 76 | 0.03% |
| simple DNS plus | 74 | 0.03% |
| Meta IP/DNS | 69 | 0.03% |
| pliant DNS Server | 59 | 0.02% |
| QuickDNS | 50 | 0.02% |
| small HTTP server | 44 | 0.02% |
| JDNSS | 43 | 0.02% |
| MaraDNS | 41 | 0.02% |
| Viking DNS module 2 | 32 | 0.01% |
| Microsoft DNS Server SP 6.0 | 30 | 0.01% |
| NSD | 25 | 0.01% |
| Netnumber ENUM server | 25 | 0.01% |
| Nildram DNSv0.9 | 23 | 0.01% |
| incognito DNS Commander | 22 | 0.01% |
| Microsoft Windows 2K3 (probably) | 18 | 0.01% |
| AOL2 | 13 | 0.01% |
| Posadis | 12 | 0.00% |
| dnscache | 10 | 0.00% |
| dnrd | 7 | 0.00% |
| UltraDNS | 6 | 0.00% |
| nomde DNS tunnel | 5 | 0.00% |
| DeleGate DNS | 5 | 0.00% |
| Viking DNS module | 4 | 0.00% |
| Microsoft DNS serverz 2.0b1 NT4/SP3 | 4 | 0.00% |
| dproxy | 4 | 0.00% |
| jnamed (dnsjava) | 3 | 0.00% |
| Nominum ANS | 2 | 0.00% |
| NonSequitur DNS | 2 | 0.00% |
| Net::DNS::Nameserver | 1 | 0.00% |
| Microsoft Server 2000 | 1 | 0.00% |
Note that the above percentages include only those nameservers for which we could determine a version. In fact we could not determine the version for alomst 33% of the nameservers that we found.
© 2020 The Measurement Factory.